I’ll admit it: I rarely ever work with Access Control Lists. Most of my time is spent in web server land where POSIX permissions are more than adequate, so I just fire up Server Admin if I have to add an ACL.

However, a co-worker recently ran into an ACL mess after a client converted their server from Standalone to Open Directory Master and back again. So, how to strip all ACLs so you can start over? It’s probably dangerous or some command I’m not familiar with, right? Nope.

The other day I was having some issues with my VPN and Mail server working correctly. After narrowing down the issue to it being my firewall blocking the issue, I went out on a hunt to locate the possibility to be able to flush out the current rules from the firewall. OS X Leopard Server uses ipfw as it’s firewall implementation. Even OS X Leopard client uses ipfw! Fortunately it’s pretty similar to iptables which we also use on our Linux servers so there was a way to flush out the current rules. Simply using the following command will remove all the rules that haven’t been saved (which can be done either via the command line or through that nice Server Admin GUI tool):

1

sudo /sbin/ipfw -f flush

Once that’s run, you have have a peek back inside the Server Admin tool and you’ll notice under the Active Rules there should be none or only a couple. You can also show the list from the command line (which you’ll probably want to do under client since it doesn’t work with the Server Admin tool. Use this command to do so:

12

bash-3.2$ sudo /sbin/ipfw list
65535 allow ip from any to any

As you can see, I allow everything on my client machine, but on the server:

1234567891011

palomino:etc jimmybrancaccio$ sudo /sbin/ipfw list
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
03885 deny ip from 58.251.59.9 to any
03890 deny ip from 89.96.140.154 to any
03895 deny ip from 211.143.101.226 to any
03900 deny ip from 212.222.147.130 to any
03905 deny ip from 58.185.182.212 to any
03910 deny ip from 76.17.182.127 to any
03915 deny ip from 202.102.245.109 to any
65535 allow ip from any to any

There’s currently some blocks in place. Anyways, just a couple useful ipfw commands!

Looking for a way to jazz up your Terminal.app? Here’s a quick and easy way to do so! Open up Terminal first, then type in nano -w ~/.bash_profile This will open a command line-based text editor. The file you’re editing is one that gets loaded every time you open a new Terminal window (or tab). Paste or type in the following at the end of the document:

export CLICOLOR=1

Then hit Ctrl+O and Ctrl+X. These key commands save the file and exit the editor. Now, open a new Terminal window and type in ls. This will list the contents of the folder you’re in (which should be your home folder) and the titles of the folders should be colored as shown in the above screenshot!

Apple released Apple Server Diagnostics 3X106 yesterday to support for Snow Leopard Server and the Mac mini. If you’ve still got 3X104, you’ll need to grab the new version if you’re running Snow Leopard Server.

Approximately 70% of their customers use Mac OS X client. I shouldn’t be surprised due the former pricing, but I think the killer combination of Snow Leopard Server only costing $499 for unlimited clients and bundling it with a Mac mini configuration will change all of that.

They also remind the naysayers who complain about lack of additional Ethernet ports “that Apple’s USB Ethernet Adapter works fine on a mini. Just plug it in and you’re set.”

As of today, OpenDNS has added Deluxe & Enterprise plans to it’s free Basic service. I’ve been using OpenDNS’s free service for quite some time now and it does a good job of offering reliable, fast DNS with a few added bonuses such as phishing & botnet protection, typo correction, content filtering (if needed), and stats.

The Deluxe plan starts at $9.95/year, is ad-free, and includes the following features above and beyond Basic:

Along with other new products and a refresh of the Mac mini line, Apple has now come to their senses and is offering a Mac mini with Snow Leopard Server! For $999 you get a Mac mini w/2.53GHz Intel Core 2 Duo processor, 4GB RAM, and—get this—the optical drive has been ditched to make room for a second hard drive, so two 500GB 2.5” 5400-RPM SATA hard drives. Oh, and Snow Leopard Server, of course.

It seems like this is going to be a great deal, especially assuming that the $599 Mac mini is spec’d with 2.26GHz processor, 2GB RAM, and $160GB hard drive, and SuperDrive. I’ve been using a Mac mini as a server for years and would love to add one of these to my network.

Update: They note that you can use the MacBook Air SuperDrive (USB) if you need an optical drive. I’ve always found a MacBook in FireWire Target Disk mode to be more than adequate, in a pinch.

Resolves an issue that could cause Server Admin or Server Assistant to report a duplicate serial number in use on a server with multiple network interfaces. (Originally fixed by Network Registration Update 1.0.)

For those of you who have a Twitter addiction (or even those who manage to only take healthy doses) and haven’t discovered this fact already, you can follow @macintoshadmn for the latest updates around here. We’re too busy for a ton of chatter so you’ll mostly see the automated posting of new articles, but if there’s something important we’ll let you know.

No worries if you’re not into Twitter, there’s also our RSS feed. Get in touch if you have any questions, suggestions, or submissions.